I always assumed relays of any kind are untrustworthy. Even if there is a group of admins regulating them, that's still prone to social engineering.

Might it be possible to have relays cross-check each other? Way over my head technically: I can't imagine if it's possible to run checks that would prove validity. But it seems like the only possible solution: distribute the authority instead of trying to centralize it.

AC "The program marks and tracks the IP addresses of those who search for 'tails' or 'Amnesiac Incognito Live System' along with 'linux', ' USB ',' CD ', 'secure desktop', ' IRC ', 'truecrypt' or ' tor '." as in collects details on all who look for such tools.
More at "NSA targets the privacy-conscious" (03.07.14) https://daserste.ndr.de/panora... [daserste.ndr.de] with "Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the per

IMHO, I especially don't trust Tor. It's an obvious place that three-letter agencies would be looking. If I drive down Crack Avenue with a busted taillight, I *expect* that police will be patrolling the area and probably pull me over. It would, imho, be silly to think that authorities aren't patrolling the digital equivalent of Crack Avenue.

The general concept of onion routing was first created by the Navy. Because they operate offshore and need to use open-air signals to communicate, Navies have had a strong interest in signals intelligence for a couple thousand years.

DARPA later developed the concept a bit more, then back to Navy contractors for a working implementation. The problem then was that an "anonymized" network which is only used by the US Navy and US spies isn't all that anonymous. If a doctor in Syria is using Tor, the Syrian go

You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

Which is precisely the goal of tampering and interfering with TOR network operations. To cast doubt upon it, to make it less attractive. I really don't think it has much to do with wanting to snoop, as it is to make people think they're being snooped on and to destablize the service entirely. Seems like it's fairly effective so far too!

This is a beautiful piece of social engineering by those who want TOR to go away. Well played.

I'm fine with that. Exposing actual flaws is always a good thing. The reasons aren't important. It just means we have to do better. I feel the same about publicly available encryption in general. I don't believe it is secure beyond what the script kiddies can do. And even the hardware itself is pretty leaky. So, just like the old days, the Sunday classifieds are still the best way to get a message out.The idea of *trust no one* is as old as the hills. Some things will never change, no matter how glitzy the

Your opinion is noted. I can only say that's a horrible analogy, but carry on.

For everybody else, some cars are more dangerous that others. I would recommend you don't drive them. In some places (Flint, Michigan, maybe, possibly?) the water is poison. Anyone who says to drink it anyway.. well, let's just say wouldn't be very nice. Spoiled food? I hope that goes without saying, but in today's world you never know, considering this last response I received above.

My point is that both more secure alternatives (which have however consistently failed to materialize in any real-world deployed form, and the whole idea of anonymous networking is now something like 20 years old) and improving TOR security are both valid options. Given that TOR is already there and works and its weak points are already pretty well understood, the second seems to be the by far better option. Also note that the TOR project has long since said that hidden services need work, but that they wou

Recall the origins and past funding of Onion routing https://en.wikipedia.org/wiki/... [wikipedia.org] i.e. US needed a system that would allow US backed and funded dissidents globally to network for color revolutions https://en.wikipedia.org/wiki/... [wikipedia.org] and other long term political NGO work.
5 eye nations did not seem to be very upset with its spread and use with systems like Tempora https://en.wikipedia.org/wiki/... [wikipedia.org]. Federal funding at a police level in the US to track users goes from success to success even on low budget

That appears to be part of the problem. Not only does it stand out like the proverbial sore thumb, only the people who feel a real need are using it, making it easy to spot. We need something that blends in better, so we don't have to consider the percentage of people using it. The only thing that comes to mind for now is that steganography thing, and don't try to hide anything more complex than tiny text files.

Nations can now afford to reconcile most of their users internet patterns over time. If that fails, just induce random network drops to see who falls off the network over a few 10's, hundred or 1000 interesting users per city and provider.
If most of a nations users are just surfing, using web 2.0, doing other tasks, getting a short list of people who went looking for software would not be too hard.

Think about it. There are 196 countries in the world, all of which have police and most of which have intelligence agencies. Some hidden services have a legitimate use such as encrypted chat, but many of them are used as C&C for botnets by various criminals and for fun hackers, some of which have an interest in figuring out what the others hidden services are doing. And then there are private security researchers.

Overall, there is plenty of interest in snooping on Tor hidden services...